Buffer overflows with terrible consequences can be caused by any unexpected input data if code doesn't handle that, even without being connected to Internet or bad actor feeding in this data with intent.

P.S. Buffer overflow problem could have been solved by segmented memory architecture of x86 protected mode (put every data structure in different memory segment with specified size, no overflows possible, CPU handles that), unfortunatelly, that didn't get widespread use, because wasn't portable to different CPU architectures and eventually got dropped from x86_64.